奇怪的 DNS 应答规律（是否和 DNSSEC 有点关系？）

最近发现 B 站有时无法用 Firefox 打开，过几分钟又可以，然后又不行。的确网上有 B 站服务器崩的消息

• B 站崩了是怎么回事 B 站崩了事件回顾
• B 站崩了
• 哔哩哔哩官方回应 B 站崩了：部分服务器机房发生故障

以上是背景，以下本帖正文开始：

尝试 dig 其 DNS www.bilibili.com，发现一些不理解的现象

• 第一次 query 返回正常结果，有几个 IP 。
• 接下来的两分钟内，返回的都是“奇怪”结果（我的 ISP 是有 DNS 抢答的，随便使用一个不存在的 DNS 都有应答，不知道是否有关）:
  • 仅有一个 IP ，
  • 并且带损坏警告(dig 的结果)，和Cannot handle DNSSEC security RRs
  • 那一个 IP 是被 wiresharks 显示在 additional record 里

Wireshark 抓包结果摘要：

25 7.346083883 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xd6cf A www.bilibili.com OPT 26 7.354332337 192.168.3.1 192.168.3.19 DNS 185 Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60 38 14.266273690 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xbeed A www.bilibili.com OPT 39 14.267774911 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37 44 15.994234720 192.168.3.19 192.168.3.1 DNS 101 Standard query 0x0fd2 A www.bilibili.com OPT 45 15.995820491 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37 

dig 的输出：

值得注意的是malformed message packet警告，和CLASS4096 + 有点像 base64 的奇怪字符串

（仅在 这里 找到一个 DNSSEC 文档有提到CLASS4096）

================= $ dig www.bilibili.com ; <<>> DiG 9.16.6 <<>> www.bilibili.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54991 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.bilibili.com. IN A ;; ANSWER SECTION: www.bilibili.com. 159 IN CNAME g.w.bilicdn1.com. g.w.bilicdn1.com. 10 IN A 139.159.241.37 g.w.bilicdn1.com. 10 IN A 8.134.50.24 g.w.bilicdn1.com. 10 IN A 8.134.32.222 g.w.bilicdn1.com. 10 IN A 8.134.64.214 g.w.bilicdn1.com. 10 IN A 139.159.246.60 ;; Query time: 8 msec ;; SERVER: 192.168.3.1#53(192.168.3.1) ;; WHEN: 日 3 月 27 11:48:25 CST 2022 ;; MSG SIZE rcvd: 141 ================= $ dig www.bilibili.com ;; Warning: Message parser reports malformed message packet. ; <<>> DiG 9.16.6 <<>> www.bilibili.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48877 ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.bilibili.com. IN A ;; ANSWER SECTION: . 0 CLASS4096 OPT 10 8 wCc4o9F+e3A= ;; ADDITIONAL SECTION: www.bilibili.com. 3 IN A 139.159.241.37 ;; Query time: 4 msec ;; SERVER: 192.168.3.1#53(192.168.3.1) ;; WHEN: 日 3 月 27 11:48:31 CST 2022 ;; MSG SIZE rcvd: 73 ================= $ dig www.bilibili.com ;; Warning: Message parser reports malformed message packet. ; <<>> DiG 9.16.6 <<>> www.bilibili.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4050 ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.bilibili.com. IN A ;; ANSWER SECTION: . 0 CLASS4096 OPT 10 8 1cTrUUA0aJo= ;; ADDITIONAL SECTION: www.bilibili.com. 1 IN A 139.159.241.37 ;; Query time: 4 msec ;; SERVER: 192.168.3.1#53(192.168.3.1) ;; WHEN: 日 3 月 27 11:48:33 CST 2022 ;; MSG SIZE rcvd: 73 

完整的 wireshark 抓包解析：

No. Time Source Destination Protocol Length Info 25 7.346083883 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xd6cf A www.bilibili.com OPT Frame 25: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0 Linux cooked capture v1 Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1 User Datagram Protocol, Src Port: 38606, Dst Port: 53 Domain Name System (query) Transaction ID: 0xd6cf Flags: 0x0120 Standard query Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries www.bilibili.com: type A, class IN Name: www.bilibili.com [Name Length: 16] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Additional records <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 12 Option: COOKIE Option Code: COOKIE (10) Option Length: 8 Option Data: e036ff0d0880aa5c Client Cookie: e036ff0d0880aa5c Server Cookie: <MISSING> [Response In: 26] 

No. Time Source Destination Protocol Length Info 26 7.354332337 192.168.3.1 192.168.3.19 DNS 185 Standard query response 0xd6cf A www.bilibili.com CNAME g.w.bilicdn1.com A 139.159.241.37 A 8.134.50.24 A 8.134.32.222 A 8.134.64.214 A 139.159.246.60 Frame 26: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits) on interface any, id 0 Linux cooked capture v1 Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19 User Datagram Protocol, Src Port: 53, Dst Port: 38606 Domain Name System (response) Transaction ID: 0xd6cf Flags: 0x8180 Standard query response, No error Questions: 1 Answer RRs: 6 Authority RRs: 0 Additional RRs: 0 Queries www.bilibili.com: type A, class IN Name: www.bilibili.com [Name Length: 16] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Answers www.bilibili.com: type CNAME, class IN, cname g.w.bilicdn1.com Name: www.bilibili.com Type: CNAME (Canonical NAME for an alias) (5) Class: IN (0x0001) Time to live: 159 (2 minutes, 39 seconds) Data length: 15 CNAME: g.w.bilicdn1.com g.w.bilicdn1.com: type A, class IN, addr 139.159.241.37 Name: g.w.bilicdn1.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 10 (10 seconds) Data length: 4 Address: 139.159.241.37 g.w.bilicdn1.com: type A, class IN, addr 8.134.50.24 Name: g.w.bilicdn1.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 10 (10 seconds) Data length: 4 Address: 8.134.50.24 g.w.bilicdn1.com: type A, class IN, addr 8.134.32.222 Name: g.w.bilicdn1.com Type: A Host Address) (1) Class: IN (0x0001) Time to live: 10 (10 seconds) Data length: 4 Address: 8.134.32.222 g.w.bilicdn1.com: type A, class IN, addr 8.134.64.214 Name: g.w.bilicdn1.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 10 (10 seconds) Data length: 4 Address: 8.134.64.214 g.w.bilicdn1.com: type A, class IN, addr 139.159.246.60 Name: g.w.bilicdn1.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 10 (10 seconds) Data length: 4 Address: 139.159.246.60 [Request In: 25] [Time: 0.008248454 seconds] 

No. Time Source Destination Protocol Length Info 38 14.266273690 192.168.3.19 192.168.3.1 DNS 101 Standard query 0xbeed A www.bilibili.com OPT Frame 38: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0 Linux cooked capture v1 Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1 User Datagram Protocol, Src Port: 60191, Dst Port: 53 Domain Name System (query) Transaction ID: 0xbeed Flags: 0x0120 Standard query Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries www.bilibili.com: type A, class IN Name: www.bilibili.com [Name Length: 16] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Additional records <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 12 Option: COOKIE Option Code: COOKIE (10) Option Length: 8 Option Data: c02738a3d17e7b70 Client Cookie: c02738a3d17e7b70 Server Cookie: <MISSING> [Response In: 39] 

No. Time Source Destination Protocol Length Info 39 14.267774911 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0xbeed A www.bilibili.com OPT A 139.159.241.37 Frame 39: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0 Linux cooked capture v1 Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19 User Datagram Protocol, Src Port: 53, Dst Port: 60191 Domain Name System (response) Transaction ID: 0xbeed Flags: 0x8000 Standard query response, No error Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 1 Queries www.bilibili.com: type A, class IN Name: www.bilibili.com [Name Length: 16] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Answers <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 12 Option: COOKIE Option Code: COOKIE (10) Option Length: 8 Option Data: c02738a3d17e7b70 Client Cookie: c02738a3d17e7b70 Server Cookie: <MISSING> Additional records www.bilibili.com: type A, class IN, addr 139.159.241.37 Name: www.bilibili.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 3 (3 seconds) Data length: 4 Address: 139.159.241.37 [Request In: 38] [Time: 0.001501221 seconds] 

No. Time Source Destination Protocol Length Info 44 15.994234720 192.168.3.19 192.168.3.1 DNS 101 Standard query 0x0fd2 A www.bilibili.com OPT Frame 44: 101 bytes on wire (808 bits), 101 bytes captured (808 bits) on interface any, id 0 Linux cooked capture v1 Internet Protocol Version 4, Src: 192.168.3.19, Dst: 192.168.3.1 User Datagram Protocol, Src Port: 43953, Dst Port: 53 Domain Name System (query) Transaction ID: 0x0fd2 Flags: 0x0120 Standard query Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries www.bilibili.com: type A, class IN Name: www.bilibili.com [Name Length: 16] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Additional records <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 12 Option: COOKIE Option Code: COOKIE (10) Option Length: 8 Option Data: d5c4eb514034689a Client Cookie: d5c4eb514034689a Server Cookie: <MISSING> [Response In: 45] 

No. Time Source Destination Protocol Length Info 45 15.995820491 192.168.3.1 192.168.3.19 DNS 117 Standard query response 0x0fd2 A www.bilibili.com OPT A 139.159.241.37 Frame 45: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface any, id 0 Linux cooked capture v1 Internet Protocol Version 4, Src: 192.168.3.1, Dst: 192.168.3.19 User Datagram Protocol, Src Port: 53, Dst Port: 43953 Domain Name System (response) Transaction ID: 0x0fd2 Flags: 0x8000 Standard query response, No error Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 1 Queries www.bilibili.com: type A, class IN Name: www.bilibili.com [Name Length: 16] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Answers <Root>: type OPT Name: <Root> Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 12 Option: COOKIE Option Code: COOKIE (10) Option Length: 8 Option Data: d5c4eb514034689a Client Cookie: d5c4eb514034689a Server Cookie: <MISSING> Additional records www.bilibili.com: type A, class IN, addr 139.159.241.37 Name: www.bilibili.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 1 (1 second) Data length: 4 Address: 139.159.241.37 [Request In: 44] [Time: 0.001585771 seconds]